Oval Definition:oval:org.opensuse.security:def:74877
Revision Date:2020-12-01Version:1
Title:Security update for libredwg (Moderate)
Description:

This update for libredwg fixes the following issues:

libredwg was updated to release 0.9.3:

Added the -x,--extnames option to dwglayers for r13-r14 DWGs. * Fixed some leaks: SORTENTSTABLE, PROXY_ENTITY.ownerhandle for r13. * Add DICTIONARY.itemhandles[] for r13 and r14. * Fixed some dwglayers null pointer derefs, and flush its output for each layer. * Added several overflow checks from fuzzing [CVE-2019-20010, boo#1159825], [CVE-2019-20011, boo#1159826], [CVE-2019-20012, boo#1159827], [CVE-2019-20013, boo#1159828], [CVE-2019-20014, boo#1159831], [CVE-2019-20015, boo#1159832] * Disallow illegal SPLINE scenarios [CVE-2019-20009, boo#1159824]

Update to release 0.9.1:

Fixed more null pointer dereferences, overflows, hangs and memory leaks for fuzzed (i.e. illegal) DWGs.

Update to release 0.9 [boo#1154080]:

Added the DXF importer, using the new dynapi and the r2000 encoder. Only for r2000 DXFs. * Added utf8text conversion functions to the dynapi. * Added 3DSOLID encoder. * Added APIs to find handles for names, searching in tables and dicts. * API breaking changes - see NEWS file in package. * Fixed null pointer dereferences, and memory leaks (except DXF importer) [boo#1129868, CVE-2019-9779] [boo#1129869, CVE-2019-9778] [boo#1129870, CVE-2019-9777] [boo#1129873, CVE-2019-9776] [boo#1129874, CVE-2019-9773] [boo#1129875, CVE-2019-9772] [boo#1129876, CVE-2019-9771] [boo#1129878, CVE-2019-9775] [boo#1129879, CVE-2019-9774] [boo#1129881, CVE-2019-9770]

Update to 0.8:

add a new dynamic API, read and write all header and object fields by name * API breaking changes * Fix many errors in DXF output * Fix JSON output * Many more bug fixes to handle specific object types
Family:unixClass:patch
Status:Reference(s):1129868
1129869
1129870
1129873
1129874
1129875
1129876
1129878
1129879
1129881
1154080
1159824
1159825
1159826
1159827
1159828
1159831
1159832
1174457
CVE-2019-20009
CVE-2019-20010
CVE-2019-20011
CVE-2019-20012
CVE-2019-20013
CVE-2019-20014
CVE-2019-20015
CVE-2019-9770
CVE-2019-9771
CVE-2019-9772
CVE-2019-9773
CVE-2019-9774
CVE-2019-9775
CVE-2019-9776
CVE-2019-9777
CVE-2019-9778
CVE-2019-9779
CVE-2020-15917
openSUSE-SU-2020:0068-1
openSUSE-SU-2020:1139-1
Platform(s):openSUSE Leap 15.1
openSUSE Leap 15.2
Product(s):
Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
  • libredwg-0.9.3-lp151.2.3 is installed
  • OR libredwg-devel-0.9.3-lp151.2.3 is installed
  • OR libredwg-tools-0.9.3-lp151.2.3 is installed
  • OR libredwg0-0.9.3-lp151.2.3 is installed
  • Definition Synopsis
  • openSUSE Leap 15.2 is installed
  • AND Package Information
  • claws-mail-3.17.6-lp152.3.3 is installed
  • OR claws-mail-devel-3.17.6-lp152.3.3 is installed
  • OR claws-mail-lang-3.17.6-lp152.3.3 is installed
  • BACK